Malware spam: "December unpaid invoice notification"

So far I have only seen a single sample with an attached file called 11IDJ325.doc which is undetected by AV vendors. Inside is a malicious macro [pastebin] with an encrypted section that executes this:

Although the EXE file from 176.31.28.244 (OVH, France / Bitweb LLC, Russia) is downloaded as a CAB file and then EXPANDed to an EXE, there is in fact no file transformation happening at all (which is odd). This executable has a detection rate of 2/57.

This Malwr report shows it downloading a DLL with an MD5 of a40e588e614e6a4c9253d261275288bf [VT 4/57] which is the same payload as found in this earlier spam run, along with another executable with an MD5 of 409397f092d3407f95be42903172cf06 which is not in the VirusTotal database. The report also shows the malware phoning home to the following IPs: